Navigate to Configuration> Security> Authentication> L3 Authentication> VPN Authentication> Default-RAP. Make sure the "Server Group" paramater is assigned to the default server group, and when you click on the server group it has the "Internal Database" listed. In ArubaOS 6.3, you are allowed to point to an external radius server to authorize RAP devices via mac address. If this server group was accidentally changed to something besides default, or the default server group did not have the "Internal" server assigned, it would not point to your RAP whitelist and create the issue you are seeing.